Skip to main content

Mozilla Fights Back Against Surveillance Malware Sold to Governments, As New Report Shows It's Spreading

May 7, 2013

Mozilla Fights Back Against Surveillance Malware Sold to Governments, As New Report Shows It's Spreading

Last week, Mozilla took an important step in the fight against the proliferation of pervasive surveillance technologies by sending a cease and desist letter to Gamma International, demanding Gamma stop using Mozilla’s trademark. Gamma makes the notorious Finspy and Finfisher malware that has ended up in the hands of authoritarian regimes.  Citizen Lab’s Morgan Marquis-Boire has spearheaded research showing that Finspy tries to trick users by using the Mozilla Firefox name to masquerade as legitimate software.

As Marquis-Boire detailed last year, once FinFisher is on a user’s computer, the attacker can see everything the user can, log every key stroke and access every file on the device. FinFisher products can even remotely turn on the user’s webcam or microphone in a cell phone without the user’s knowledge.

Mozilla wrote in a blog post, “We’ve sent Gamma a cease and desist letter today demanding that these illegal practices stop immediately.”

Trademark owners often abuse the law to stifle free speech and put competitors at a disadvantage. Gamma’s actions here, however, are exactly what trademark laws are designed to address: consumer deception, and especially the kind of deception that can cause serious harm.   Given that Firefox is a leading producer of privacy enhancing technologies, they wrote they “cannot abide a software company using our name to disguise online surveillance tools that can be – and in several cases actually have been – used by Gamma’s customers to violate citizens’ human rights and online privacy.”

Gamma and FinFisher first made headlines in 2011 after the fall of Hosni Mubarak in Egypt. Documents found in an abandoned state security building showed that Gamma provided Mubarak with a five-month trial of their sophisticated spying technology, most notably FinSpy, which can wiretap encrypted Skype phone calls and instant messages.

Last year, the New York Times reported that Bahraini democracy activists found FinFisher spyware on their mobile devices. FinFisher denied they had sold to Bahrain, saying the Trojan was a stolen demo copy.

Two of the same researchers who analyzed the Bahraini spyware, Marquis-Boire and Bill Marczak, teamed up with Claudio Guarnieri and John Scott-Railton to publish a report for Citizen Lab last week on these very same surveillance technologies. Their report focused on FinFisher’s reach around the globe, noting, “Our findings highlight the increasing dissonance between [United Kingdom-based Gamma International's] public claims that FinSpy is used exclusively to track ‘bad guys’ and the growing body of evidence suggesting that the tool has and continues to be used against opposition groups and human rights activists.”

Unfortunately, Gamma is far from the only company that sells or produces this type of surveillance malware, as the Citizen Lab report makes clear. And in the United States, the FBI has been attempting to use similar hacking techniques to gather information about suspects under criminal investigation. Two weeks ago, a judge described the capabilities of FBI’s malware in detail:

Once installed, the software has the capacity to search the computer’s hard drive, random access memory, and other storage media; to activate the computer’s built-in camera; to generate latitude and longitude coordinates for the computer’s location; and to transmit the extracted data to FBI agents within this district.

The judge denied the FBI’s request, ruling that the FBI didn’t explain how it would locate and target the suspect’s computer and how it would avoid sending the malware to anyone else.  

One thing is for certain, this problem is not going away. Luckily groups like Citizen Lab and Privacy International are out there fighting every day.



JavaScript license information